1748241 Members
3895 Online
108759 Solutions
New Discussion юеВ

sudo NOPASSWD issue

 
SOLVED
Go to solution
MikeL_4
Super Advisor

sudo NOPASSWD issue

I am running Red Hat 5.3 and have coded sudo for a user to execute some commands with the NOPASSWD option...

infort1 ALL=(ALL) NOPASSWD: /infinys/network/orl/working/APS/ClusterScripts/stopCluster.ksh /infinys/network/orl/working/APS/ClusterScripts/startCluster.ksh /infinys/network/orl/working/APS/ClusterScripts/manageClusterNode.ksh /infinys/network/orl/working/APS/ClusterScripts/cleanCluster.ksh /infinys/network/orl/working/APS/ClusterScripts/checkCluster.ksh

A sudo -l shows the correct setting that I added:
-> sudo -l
User infort1 may run the following commands on this host:
(ALL) NOPASSWD: /infinys/network/orl/working/APS/ClusterScripts/stopCluster.ksh /infinys/network/orl/working/APS/ClusterScripts/startCluster.ksh /infinys/network/orl/working/APS/ClusterScripts/manageClusterNode.ksh /infinys/network/orl/working/APS/ClusterScripts/cleanCluster.ksh /infinys/network/orl/working/APS/ClusterScripts/checkCluster.ksh
[cvoisaf01->/osg1/home/infort1]
->

However, when the infort1 user tries to execute the on of the scripts, it is still asking for the password:

-> sudo /infinys/network/orl/working/APS/ClusterScripts/checkCluster.ksh -c DISTCLUSTER -h /infinys/local/orl/HA
Password:
[cvoisaf01->/osg1/home/infort1]
->

Any ideas as to why this isn't working ??
3 REPLIES 3
Goran┬аKoruga
Honored Contributor
Solution

Re: sudo NOPASSWD issue

Hi.

Shouldn't it be like so:

infort1 ALL = NOPASSWD: cmd1, cmd2, ...

Regards,
Goran
MikeL_4
Super Advisor

Re: sudo NOPASSWD issue

Do you know how long I've looked at this command line and could't get see it...

Changed to a "," after each command and it worked....

Thanks
Matti_Kurkela
Honored Contributor

Re: sudo NOPASSWD issue

You're missing a comma "," between each allowed command.

Currently your sudoers definition file means that infort1 may run the stopCluster.ksh script, if and only if he specifies the full pathnames of other scripts as command-line arguments. If even one character is out of place in the "mandatory arguments", the command is denied.

This would be the corrected version:

infort1 ALL=(ALL) NOPASSWD: /infinys/network/orl/working/APS/ClusterScripts/stopCluster.ksh, /infinys/network/orl/working/APS/ClusterScripts/startCluster.ksh, /infinys/network/orl/working/APS/ClusterScripts/manageClusterNode.ksh, /infinys/network/orl/working/APS/ClusterScripts/cleanCluster.ksh, /infinys/network/orl/working/APS/ClusterScripts/checkCluster.ksh

Even better would be to use "\" to split the sudoers definition to multiple lines to make it more readable:

infort1 ALL=(ALL) NOPASSWD: /infinys/network/orl/working/APS/ClusterScripts/stopCluster.ksh, \
/infinys/network/orl/working/APS/ClusterScripts/startCluster.ksh, \
/infinys/network/orl/working/APS/ClusterScripts/manageClusterNode.ksh, \
/infinys/network/orl/working/APS/ClusterScripts/cleanCluster.ksh, \
/infinys/network/orl/working/APS/ClusterScripts/checkCluster.ksh

MK
MK